主要功能:根据需要,修改PE文件的区段名称,达到伪装,装逼等作用!注意:区段名只是节表里8字节的标签,Windows加载器并不依赖它,所以改名不会改变文件的实际内容和行为,只会影响查壳、分析工具显示的名称。
程序界面设计:
产生随机字符的代码:
// Returns one pseudo-random byte in the range 33..124 ('!' through '|'),
// taken from the C runtime's rand(). Whether rand() has been seeded is
// decided elsewhere; nothing in this function seeds it.
char CChangeSectionNameDlg::GetChar()
{
    const int offset = rand() % 92;   // 0..91
    return static_cast<char>(33 + offset);
}
主要功能实现代码:
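// Button handler: overwrites the 8-byte Name field of every section header
// in the file named by m_FileName.
//
//   m_bak  == TRUE : first copy the file to "<name>.bak" (an existing backup
//                    is kept, never overwritten).
//   m_mode == 0    : all 8 bytes come from GetChar().
//   m_mode == 1    : "zap." followed by 4 bytes from GetChar().
//   otherwise      : the first six sections take fixed names from xName,
//                    any further sections get 8 bytes from GetChar().
//
// Only the name bytes are written; section sizes, offsets and
// characteristics are left as they are. The Name field is a fixed 8-byte
// array and is not required to be NUL-terminated, so anything reading the
// result back must not treat it as a C string.
//
// Fixes over the earlier version of this handler:
//   * Open/CopyFile results are checked and short reads are detected.
//   * The MZ and PE signatures are verified before anything is written.
//   * The section table is located via FileHeader.SizeOfOptionalHeader
//     instead of sizeof(IMAGE_NT_HEADERS), so a file whose optional header
//     has a different size than the build's own is not corrupted.
//   * The table must lie inside the file; nothing is written past it.
//   * Positions are absolute. The earlier "-sizeof(...)" relative seek
//     negated an unsigned value, which becomes a large forward offset when
//     the seek parameter is wider than size_t.
//   * In the fixed-name mode the earlier code restarted its second loop at
//     index 5 after six headers had already been consumed, so with six or
//     more sections it rewrote one header-sized slot beyond the table.
void CChangeSectionNameDlg::OnDo()
{
    UpdateData(TRUE);

    if (m_bak == TRUE)
    {
        CString fn = m_FileName + ".bak";
        if (!CopyFile(m_FileName, fn, TRUE))
        {
            // An existing .bak is an older backup and is deliberately kept.
            // Any other failure means no backup exists, so do not modify.
            const DWORD err = GetLastError();
            if (err != ERROR_FILE_EXISTS && err != ERROR_ALREADY_EXISTS)
            {
                MessageBox("Backup failed!");
                return;
            }
        }
    }

    CFile f;
    if (!f.Open(m_FileName, CFile::modeReadWrite))
    {
        MessageBox("Open failed!");
        return;
    }

    // Fixed names for the first six sections in the third mode. Entries
    // that fill all 8 bytes are spelled as char lists because an 8-char
    // string literal would need a ninth byte for its terminator.
    static const char xName[6][8] = {"zapline","zap.vm ","zap.crc",{'z','a','p','.','a','n','t','i'},"zapline",{'f','u','c','k','x','i','m','o'}};

    const char* msg = "OK!";
    try
    {
        IMAGE_DOS_HEADER dh;
        IMAGE_NT_HEADERS nh;
        // Signature + IMAGE_FILE_HEADER only; the optional header's size
        // varies between files and is not needed here.
        const UINT ntPrefix = static_cast<UINT>(FIELD_OFFSET(IMAGE_NT_HEADERS, OptionalHeader));
        const ULONGLONG fileLen = f.GetLength();
        ULONGLONG tableOffset = 0;
        int secNum = 0;
        BOOL valid = FALSE;

        if (f.Read(&dh, sizeof(dh)) == sizeof(dh)
            && dh.e_magic == IMAGE_DOS_SIGNATURE
            && dh.e_lfanew > 0
            && static_cast<ULONGLONG>(dh.e_lfanew) + ntPrefix <= fileLen)
        {
            f.Seek(dh.e_lfanew, CFile::begin);
            if (f.Read(&nh, ntPrefix) == ntPrefix
                && nh.Signature == IMAGE_NT_SIGNATURE)
            {
                secNum = nh.FileHeader.NumberOfSections;
                tableOffset = static_cast<ULONGLONG>(dh.e_lfanew) + ntPrefix
                            + nh.FileHeader.SizeOfOptionalHeader;
                // Every header that will be touched must exist in the file.
                valid = tableOffset
                      + static_cast<ULONGLONG>(secNum) * sizeof(IMAGE_SECTION_HEADER)
                      <= fileLen;
            }
        }

        if (!valid)
        {
            msg = "Not a valid PE file!";
        }
        else
        {
            for (int n = 0; n < secNum; n++)
            {
                char name[IMAGE_SIZEOF_SHORT_NAME];
                for (int m = 0; m < IMAGE_SIZEOF_SHORT_NAME; m++)
                {
                    if (m_mode == 0)
                    {
                        name[m] = GetChar();
                    }
                    else if (m_mode == 1)
                    {
                        name[m] = (m < 4) ? "zap."[m] : GetChar();
                    }
                    else
                    {
                        name[m] = (n < 6) ? xName[n][m] : GetChar();
                    }
                }

                // Name is the first member of IMAGE_SECTION_HEADER, so the
                // header's own offset is also the offset of its name.
                const ULONGLONG pos = tableOffset
                    + static_cast<ULONGLONG>(n) * sizeof(IMAGE_SECTION_HEADER);
                f.Seek(static_cast<LONGLONG>(pos), CFile::begin);
                f.Write(name, IMAGE_SIZEOF_SHORT_NAME);
            }
        }

        f.Close();
    }
    catch (CFileException* e)
    {
        // Read/Seek/Write/Close report failure by throwing.
        e->Delete();
        f.Abort();   // closes the handle without throwing again
        msg = "File I/O error!";
    }

    MessageBox(msg);
}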
程序运行的界面:
三种模式效果图:
可执行文件+源码:
Release.rar
(157.27 KB, 下载次数: 304)
ChangeSectionName.rar
(226.4 KB, 下载次数: 2348)